[oe-commits] [openembedded-core] 49/57: cve-check: short-circuit checking if CVE_PRODUCT isn't set
git at git.openembedded.org
git at git.openembedded.org
Thu Feb 15 13:31:48 UTC 2018
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch master-next
in repository openembedded-core.
commit d89e2c0e9477a1dfeb4c33ea2aa060e8876dae62
Author: Ross Burton <ross.burton at intel.com>
AuthorDate: Fri Feb 9 12:43:17 2018 +0000
cve-check: short-circuit checking if CVE_PRODUCT isn't set
For some recipes is is meaningless to do a CVE check, for example packagegroups
or images. Check that CVE_PRODUCT is set and short-circuit the scan if it
isn't.
Signed-off-by: Ross Burton <ross.burton at intel.com>
---
meta/classes/cve-check.bbclass | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 061e883..d8087dd 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -169,6 +169,9 @@ def check_cves(d, patched_cves):
cves_patched = []
cves_unpatched = []
bpn = d.getVar("CVE_PRODUCT")
+ # If this has been unset then we're not scanning for CVEs here (for example, image recipes)
+ if not bpn:
+ return ([], [])
pv = d.getVar("CVE_VERSION").split("+git")[0]
cves = " ".join(patched_cves)
cve_db_dir = d.getVar("CVE_CHECK_DB_DIR")
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list